libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases Packages Activity Actions

Merge pull request #2786 from stianst/master

Browse source 
KEYCLOAK-2865 Extend coverage of client admin endpoints
This commit is contained in:
Stian Thorgersen 2016-05-06 11:13:15 +02:00
commit f4d751c839
12 changed files with 227 additions and 41 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
integration/admin-client/src/main/java/org/keycloak/admin/client/resource/ClientResource.java
View file

@ -113,7 +113,8 @@ public interface ClientResource {
@POST
@Path("push-revocation")
public void pushRevocation();
@Produces(MediaType.APPLICATION_JSON)
void pushRevocation();
@Path("/scope-mappings")
public RoleMappingResource getScopeMappings();
@ -138,6 +139,7 @@ public interface ClientResource {
@Path("test-nodes-available")
@GET
@Produces(MediaType.APPLICATION_JSON)
GlobalRequestResult testNodesAvailable();
}

2
services/src/main/java/org/keycloak/services/resources/admin/ClientResource.java
View file

@ -324,6 +324,7 @@ public class ClientResource {
*/
@Path("push-revocation")
@POST
@Produces(MediaType.APPLICATION_JSON)
public GlobalRequestResult pushRevocation() {
auth.requireManage();
@ -522,6 +523,7 @@ public class ClientResource {
@Path("test-nodes-available")
@GET
@NoCache
@Produces(MediaType.APPLICATION_JSON)
public GlobalRequestResult testNodesAvailable() {
auth.requireManage();

20
testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/rest/TestApplicationResourceProvider.java
View file

@ -22,6 +22,7 @@ import org.keycloak.jose.jws.JWSInputException;
import org.keycloak.models.KeycloakSession;
import org.keycloak.representations.adapters.action.LogoutAction;
import org.keycloak.representations.adapters.action.PushNotBeforeAction;
import org.keycloak.representations.adapters.action.TestAvailabilityAction;
import org.keycloak.services.resource.RealmResourceProvider;
import org.keycloak.services.resources.RealmsResource;
import org.keycloak.testsuite.events.EventsListenerProvider;
@ -48,12 +49,15 @@ public class TestApplicationResourceProvider implements RealmResourceProvider {
private final BlockingQueue<LogoutAction> adminLogoutActions;
private final BlockingQueue<PushNotBeforeAction> adminPushNotBeforeActions;
private final BlockingQueue<TestAvailabilityAction> adminTestAvailabilityAction;
public TestApplicationResourceProvider(KeycloakSession session, BlockingQueue<LogoutAction> adminLogoutActions,
BlockingQueue<PushNotBeforeAction> adminPushNotBeforeActions) {
BlockingQueue<PushNotBeforeAction> adminPushNotBeforeActions,
BlockingQueue<TestAvailabilityAction> adminTestAvailabilityAction) {
this.session = session;
this.adminLogoutActions = adminLogoutActions;
this.adminPushNotBeforeActions = adminPushNotBeforeActions;
this.adminTestAvailabilityAction = adminTestAvailabilityAction;
}
@POST
@ -70,6 +74,13 @@ public class TestApplicationResourceProvider implements RealmResourceProvider {
adminPushNotBeforeActions.add(new JWSInput(data).readJsonContent(PushNotBeforeAction.class));
}
@POST
@Consumes(MediaType.TEXT_PLAIN)
@Path("/admin/k_test_available")
public void testAvailable(String data) throws JWSInputException {
adminTestAvailabilityAction.add(new JWSInput(data).readJsonContent(TestAvailabilityAction.class));
}
@GET
@Produces(MediaType.APPLICATION_JSON)
@Path("/poll-admin-logout")
@ -84,6 +95,13 @@ public class TestApplicationResourceProvider implements RealmResourceProvider {
return adminPushNotBeforeActions.poll(10, TimeUnit.SECONDS);
}
@GET
@Produces(MediaType.APPLICATION_JSON)
@Path("/poll-test-available")
public TestAvailabilityAction getTestAvailable() throws InterruptedException {
return adminTestAvailabilityAction.poll(10, TimeUnit.SECONDS);
}
@POST
@Path("/clear-admin-actions")
public Response clearAdminActions() {

4
testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/rest/TestApplicationResourceProviderFactory.java
View file

@ -24,6 +24,7 @@ import org.keycloak.models.KeycloakSessionFactory;
import org.keycloak.representations.adapters.action.AdminAction;
import org.keycloak.representations.adapters.action.LogoutAction;
import org.keycloak.representations.adapters.action.PushNotBeforeAction;
import org.keycloak.representations.adapters.action.TestAvailabilityAction;
import org.keycloak.services.resource.RealmResourceProvider;
import org.keycloak.services.resource.RealmResourceProviderFactory;
@ -37,10 +38,11 @@ public class TestApplicationResourceProviderFactory implements RealmResourceProv
private BlockingQueue<LogoutAction> adminLogoutActions = new LinkedBlockingDeque<>();
private BlockingQueue<PushNotBeforeAction> pushNotBeforeActions = new LinkedBlockingDeque<>();
private BlockingQueue<TestAvailabilityAction> testAvailabilityActions = new LinkedBlockingDeque<>();
@Override
public RealmResourceProvider create(KeycloakSession session) {
return new TestApplicationResourceProvider(session, adminLogoutActions, pushNotBeforeActions);
return new TestApplicationResourceProvider(session, adminLogoutActions, pushNotBeforeActions, testAvailabilityActions);
}
@Override

6
testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/client/resources/TestApplicationResource.java
View file

@ -19,6 +19,7 @@ package org.keycloak.testsuite.client.resources;
import org.keycloak.representations.adapters.action.LogoutAction;
import org.keycloak.representations.adapters.action.PushNotBeforeAction;
import org.keycloak.representations.adapters.action.TestAvailabilityAction;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
@ -43,6 +44,11 @@ public interface TestApplicationResource {
@Path("/poll-admin-not-before")
PushNotBeforeAction getAdminPushNotBefore();
@GET
@Produces(MediaType.APPLICATION_JSON)
@Path("/poll-test-available")
TestAvailabilityAction getTestAvailable();
@POST
@Path("/clear-admin-actions")
Response clearAdminActions();

25
testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/OAuthClient.java
View file

@ -72,17 +72,17 @@ public class OAuthClient {
private String baseUrl = AUTH_SERVER_ROOT;
private String realm = "test";
private String realm;
private String clientId = "test-app";
private String clientId;
private String redirectUri = APP_ROOT + "/auth";
private String redirectUri;
private String state = "mystate";
private String state;
private String scope;
private String uiLocales = null;
private String uiLocales;
private String clientSessionState;
@ -90,12 +90,19 @@ public class OAuthClient {
private Map<String, PublicKey> publicKeys = new HashMap<>();
public void setAdminClient(Keycloak adminClient) {
public void init(Keycloak adminClient, WebDriver driver) {
this.adminClient = adminClient;
}
public void setDriver(WebDriver driver) {
this.driver = driver;
baseUrl = AUTH_SERVER_ROOT;
realm = "test";
clientId = "test-app";
redirectUri = APP_ROOT + "/auth";
state = "mystate";
scope = null;
uiLocales = null;
clientSessionState = null;
clientSessionHost = null;
}
public AuthorizationCodeResponse doLogin(String username, String password) {

3
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/AbstractKeycloakTest.java
View file

@ -151,8 +151,7 @@ public abstract class AbstractKeycloakTest {
importTestRealms();
oauth.setAdminClient(adminClient);
oauth.setDriver(driver);
oauth.init(adminClient, driver);
}
@After

164
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/ClientTest.java
View file

@ -18,21 +18,37 @@
package org.keycloak.testsuite.admin;
import org.junit.Test;
import org.keycloak.OAuth2Constants;
import org.keycloak.admin.client.resource.ClientResource;
import org.keycloak.admin.client.resource.ProtocolMappersResource;
import org.keycloak.admin.client.resource.RoleMappingResource;
import org.keycloak.common.util.Time;
import org.keycloak.models.AccountRoles;
import org.keycloak.models.Constants;
import org.keycloak.protocol.oidc.OIDCLoginProtocolFactory;
import org.keycloak.representations.adapters.action.GlobalRequestResult;
import org.keycloak.representations.adapters.action.PushNotBeforeAction;
import org.keycloak.representations.adapters.action.TestAvailabilityAction;
import org.keycloak.representations.idm.*;
import javax.ws.rs.NotFoundException;
import javax.ws.rs.core.Response;
import java.io.IOException;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.keycloak.services.resources.admin.ScopeMappedResource;
import org.keycloak.testsuite.Assert;
import org.keycloak.testsuite.util.ClientBuilder;
import org.keycloak.testsuite.util.CredentialBuilder;
import org.keycloak.testsuite.util.OAuthClient;
import org.keycloak.testsuite.util.OAuthClient.AccessTokenResponse;
import org.keycloak.testsuite.util.RoleBuilder;
import org.keycloak.testsuite.util.UserBuilder;
import static org.junit.Assert.assertArrayEquals;
import static org.junit.Assert.assertEquals;
@ -174,6 +190,154 @@ public class ClientTest extends AbstractAdminTest {
assertClient(client, storedClient);
}
@Test
public void serviceAccount() {
Response response = realm.clients().create(ClientBuilder.create().clientId("serviceClient").serviceAccount().build());
String id = ApiUtil.getCreatedId(response);
UserRepresentation userRep = realm.clients().get(id).getServiceAccountUser();
assertEquals("service-account-serviceclient", userRep.getUsername());
}
@Test
public void pushRevocation() {
testingClient.testApp().clearAdminActions();
String redirectUri = oauth.getRedirectUri().replace("/master/", "/" + REALM_NAME + "/");
ClientRepresentation client = new ClientRepresentation();
client.setClientId("test-app");
client.setAdminUrl(suiteContext.getAuthServerInfo().getContextRoot() + "/auth/realms/master/app/admin");
client.setRedirectUris(Collections.singletonList(redirectUri));
client.setSecret("secret");
int notBefore = Time.currentTime() - 60;
client.setNotBefore(notBefore);
Response response = realm.clients().create(client);
String id = ApiUtil.getCreatedId(response);
response.close();
realm.clients().get(id).pushRevocation();
PushNotBeforeAction pushNotBefore = testingClient.testApp().getAdminPushNotBefore();
assertEquals(notBefore, pushNotBefore.getNotBefore());
}
@Test
public void nodes() {
testingClient.testApp().clearAdminActions();
String redirectUri = oauth.getRedirectUri().replace("/master/", "/" + REALM_NAME + "/");
ClientRepresentation client = new ClientRepresentation();
client.setClientId("test-app");
client.setAdminUrl(suiteContext.getAuthServerInfo().getContextRoot() + "/auth/realms/master/app/admin");
client.setRedirectUris(Collections.singletonList(redirectUri));
client.setSecret("secret");
Response response = realm.clients().create(client);
String id = ApiUtil.getCreatedId(response);
response.close();
realm.clients().get(id).registerNode(Collections.singletonMap("node", suiteContext.getAuthServerInfo().getContextRoot().getHost()));
realm.clients().get(id).registerNode(Collections.singletonMap("node", "invalid"));
GlobalRequestResult result = realm.clients().get(id).testNodesAvailable();
assertEquals(1, result.getSuccessRequests().size());
assertEquals(1, result.getFailedRequests().size());
TestAvailabilityAction testAvailable = testingClient.testApp().getTestAvailable();
assertEquals("test-app", testAvailable.getResource());
assertEquals(2, realm.clients().get(id).toRepresentation().getRegisteredNodes().size());
realm.clients().get(id).unregisterNode("invalid");
assertEquals(1, realm.clients().get(id).toRepresentation().getRegisteredNodes().size());
}
@Test
public void offlineUserSessions() throws IOException {
String redirectUri = oauth.getRedirectUri().replace("/master/", "/" + REALM_NAME + "/");
ClientRepresentation client = new ClientRepresentation();
client.setClientId("test-app");
client.setAdminUrl(suiteContext.getAuthServerInfo().getContextRoot() + "/auth/realms/master/app/admin");
client.setRedirectUris(Collections.singletonList(redirectUri));
client.setSecret("secret");
Response response = realm.clients().create(client);
String id = ApiUtil.getCreatedId(response);
response.close();
response = realm.users().create(UserBuilder.create().username("testuser").build());
String userId = ApiUtil.getCreatedId(response);
response.close();
realm.users().get(userId).resetPassword(CredentialBuilder.create().password("password").build());
Map<String, Long> offlineSessionCount = realm.clients().get(id).getOfflineSessionCount();
assertEquals(new Long(0), offlineSessionCount.get("count"));
oauth.realm(REALM_NAME);
oauth.redirectUri(redirectUri);
oauth.scope(OAuth2Constants.OFFLINE_ACCESS);
oauth.doLogin("testuser", "password");
AccessTokenResponse accessTokenResponse = oauth.doAccessTokenRequest(oauth.getCurrentQuery().get("code"), "secret");
assertEquals(200, accessTokenResponse.getStatusCode());
offlineSessionCount = realm.clients().get(id).getOfflineSessionCount();
assertEquals(new Long(1), offlineSessionCount.get("count"));
List<UserSessionRepresentation> offlineUserSessions = realm.clients().get(id).getOfflineUserSessions(0, 100);
assertEquals(1, offlineUserSessions.size());
assertEquals("testuser", offlineUserSessions.get(0).getUsername());
}
@Test
public void scopes() {
Response response = realm.clients().create(ClientBuilder.create().clientId("client").fullScopeEnabled(false).build());
String id = ApiUtil.getCreatedId(response);
response.close();
RoleMappingResource scopesResource = realm.clients().get(id).getScopeMappings();
realm.roles().create(RoleBuilder.create().name("role1").build());
realm.roles().create(RoleBuilder.create().name("role2").build());
RoleRepresentation roleRep1 = realm.roles().get("role1").toRepresentation();
RoleRepresentation roleRep2 = realm.roles().get("role2").toRepresentation();
realm.roles().get("role1").addComposites(Collections.singletonList(roleRep2));
String accountMgmtId = realm.clients().findByClientId(Constants.ACCOUNT_MANAGEMENT_CLIENT_ID).get(0).getId();
RoleRepresentation viewAccountRoleRep = realm.clients().get(accountMgmtId).roles().get(AccountRoles.VIEW_PROFILE).toRepresentation();
scopesResource.realmLevel().add(Collections.singletonList(roleRep1));
scopesResource.clientLevel(accountMgmtId).add(Collections.singletonList(viewAccountRoleRep));
Assert.assertNames(scopesResource.realmLevel().listAll(), "role1");
Assert.assertNames(scopesResource.realmLevel().listEffective(), "role1", "role2");
Assert.assertNames(scopesResource.realmLevel().listAvailable(), "offline_access");
Assert.assertNames(scopesResource.clientLevel(accountMgmtId).listAll(), AccountRoles.VIEW_PROFILE);
Assert.assertNames(scopesResource.clientLevel(accountMgmtId).listEffective(), AccountRoles.VIEW_PROFILE);
Assert.assertNames(scopesResource.clientLevel(accountMgmtId).listAvailable(), AccountRoles.MANAGE_ACCOUNT);
Assert.assertNames(scopesResource.getAll().getRealmMappings(), "role1");
Assert.assertNames(scopesResource.getAll().getClientMappings().get(Constants.ACCOUNT_MANAGEMENT_CLIENT_ID).getMappings(), AccountRoles.VIEW_PROFILE);
scopesResource.realmLevel().remove(Collections.singletonList(roleRep1));
scopesResource.clientLevel(accountMgmtId).remove(Collections.singletonList(viewAccountRoleRep));
Assert.assertNames(scopesResource.realmLevel().listAll());
Assert.assertNames(scopesResource.realmLevel().listEffective());
Assert.assertNames(scopesResource.realmLevel().listAvailable(), "offline_access", "role1", "role2");
Assert.assertNames(scopesResource.clientLevel(accountMgmtId).listAll());
Assert.assertNames(scopesResource.clientLevel(accountMgmtId).listAvailable(), AccountRoles.VIEW_PROFILE, AccountRoles.MANAGE_ACCOUNT);
Assert.assertNames(scopesResource.clientLevel(accountMgmtId).listEffective());
}
public static void protocolMappersTest(ProtocolMappersResource mappersResource) {
// assert default mappers found
List<ProtocolMapperRepresentation> protocolMappers = mappersResource.getMappers();

24
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/ClientTest.java
View file

@ -91,28 +91,4 @@ public class ClientTest extends AbstractClientTest {
assertEqualClients(rep, gotById);
}
/* DEPRECATED?
@Test
public void testAllowedOrigins() {
createOidcClient("originsClient");
ClientResource client = findClientResource("originsClient");
java.util.Set<String> origins = client.getAllowedOrigins();
assertEquals(1, origins.size());
assertTrue(origins.contains("foo/*"));
origins.add("bar/*");
client.updateAllowedOrigins(origins); //<-- STACK OVERFLOW
origins = client.getAllowedOrigins();
assertEquals(2, origins.size());
assertTrue(origins.contains("foo/*"));
assertTrue(origins.contains("bar/*"));
java.util.Set<String> toRemove = new java.util.HashSet<>();
toRemove.add("bar/*");
client.removeAllowedOrigins(origins);
origins = client.getAllowedOrigins();
assertEquals(1, origins.size());
assertTrue(origins.contains("foo/*"));
} */
}

3
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/SSOTest.java
View file

@ -113,8 +113,7 @@ public class SSOTest extends TestRealmKeycloakTest {
try {
//OAuthClient oauth2 = new OAuthClient(driver2);
OAuthClient oauth2 = new OAuthClient();
oauth2.setDriver(driver2);
oauth2.setAdminClient(adminClient);
oauth2.init(adminClient, driver2);
oauth2.state("mystate");
oauth2.doLogin("test-user@localhost", "password");

2
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/ClientAuthSignedJWTTest.java
View file

@ -95,7 +95,7 @@ public class ClientAuthSignedJWTTest extends AbstractKeycloakTest {
.clientId("client2")
.directAccessGrants()
.serviceAccountsEnabled(true)
.redirectUris(oauth.getRedirectUri())
.redirectUris(OAuthClient.APP_ROOT + "/auth")
.attribute(JWTClientAuthenticator.CERTIFICATE_ATTR, "MIICnTCCAYUCBgFPPQDGxTANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdjbGllbnQxMB4XDTE1MDgxNzE4NTAwNVoXDTI1MDgxNzE4NTE0NVowEjEQMA4GA1UEAwwHY2xpZW50MTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMMw3PaBffWxgS2PYSDDBp6As+cNvv9kt2C4f/RDAGmvSIHPFev9kuQiKs3Oaws3ZsV4JG3qHEuYgnh9W4vfe3DwNwtD1bjL5FYBhPBFTw0lAQECYxaBHnkjHwUKp957FqdSPPICm3LjmTcEdlH+9dpp9xHCMbbiNiWDzWI1xSxC8Fs2d0hwz1sd+Q4QeTBPIBWcPM+ICZtNG5MN+ORfayu4X+Me5d0tXG2fQO//rAevk1i5IFjKZuOjTwyKB5SJIY4b8QTeg0g/50IU7Ht00Pxw6CK02dHS+FvXHasZlD3ckomqCDjStTBWdhJo5dST0CbOqalkkpLlCCbGA1yEQRsCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAUIMeJ+EAo8eNpCG/nXImacjrKakbFnZYBGD/gqeTGaZynkX+jgBSructTHR83zSH+yELEhsAy+3BfK4EEihp+PEcRnK2fASVkHste8AQ7rlzC+HGGirlwrVhWCdizNUCGK80DE537IZ7nmZw6LFG9P5/Q2MvCsOCYjRUvMkukq6TdXBXR9tETwZ+0gpSfsOxjj0ZF7ftTRUSzx4rFfcbM9fRNdVizdOuKGc8HJPA5lLOxV6CyaYIvi3y5RlQI1OHeS34lE4w9CNPRFa/vdxXvN7ClyzA0HMFNWxBN7pC/Ht/FbhSvaAagJBHg+vCrcY5C26Oli7lAglf/zZrwUPs0w==")
.authenticatorType(JWTClientAuthenticator.PROVIDER_ID)
.build();

11
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/util/ClientBuilder.java
View file

@ -17,6 +17,7 @@
package org.keycloak.testsuite.util;
import org.keycloak.dom.saml.v2.ac.BooleanType;
import org.keycloak.representations.idm.ClientRepresentation;
import java.util.Arrays;
@ -58,11 +59,21 @@ public class ClientBuilder {
return this;
}
public ClientBuilder serviceAccount() {
rep.setServiceAccountsEnabled(true);
return this;
}
public ClientBuilder directAccessGrants() {
rep.setDirectAccessGrantsEnabled(true);
return this;
}
public ClientBuilder fullScopeEnabled(Boolean fullScopeEnabled) {
rep.setFullScopeAllowed(fullScopeEnabled);
return this;
}
public ClientBuilder secret(String secret) {
rep.setSecret(secret);
return this;